From 14745ce90e92d71afe6f357dcfc42a39308f9996 Mon Sep 17 00:00:00 2001
From: Nikunj Hatkar
Date: Fri, 28 Mar 2025 11:35:37 +0000
Subject: [PATCH 1/3] Improve url validation to check duplicate protocol

---
 .../Plugin_Repo/Plugin_Header_Fields_Check.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php b/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php
index d0962672e..f30e13f6e 100644
--- a/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php
+++ b/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php
@@ -485,7 +485,17 @@ public function run( Check_Result $result ) {
 * @return bool true if the URL is valid, otherwise false.
 */
 private function is_valid_url( $url ) {
- return filter_var( $url, FILTER_VALIDATE_URL ) === $url && str_starts_with( $url, 'http' );
+ if ( filter_var( $url, FILTER_VALIDATE_URL ) !== $url || ! str_starts_with( $url, 'http' ) ) {
+ return false;
+ }
+
+ // Detect duplicated protocol (e.g., "https://http://example.com/").
+ $parsed_url = wp_parse_url( $url );
+ if ( isset( $parsed_url['scheme'] ) && str_contains( substr( $url, strlen( $parsed_url['scheme'] ) + 3 ), '://' ) ) {
+ return false;
+ }
+
+ return true;
 }

 /**

From c43fd6d4f4fd3e72339a1db03f5fcf69ffb422e9 Mon Sep 17 00:00:00 2001
From: Nikunj Hatkar
Date: Fri, 28 Mar 2025 11:47:29 +0000
Subject: [PATCH 2/3] Fix PHP Code Linting

---
 .../Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php b/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php
index f30e13f6e..ed6a820d4 100644
--- a/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php
+++ b/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php
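Review bot: The duplicated-protocol check in `is_valid_url()` searches the whole remainder of the URL for `://`, so a well-formed header URL that carries another URL in its path or query (for example `https://example.com/?ref=https://other.example/`) is now reported as invalid. If the intent is only to catch a repeated scheme at the front, anchor the test to the start of the remainder: `$rest = substr( $url, strlen( $parsed_url['scheme'] ) + 3 );` followed by `if ( preg_match( '#^[a-z][a-z0-9+.-]*://#i', $rest ) ) { return false; }`. Separately, `str_starts_with( $url, 'http' )` only checks a prefix, so any scheme beginning with those letters that `filter_var` accepts would pass; now that the scheme is parsed, an exact allow-list such as `in_array( $parsed_url['scheme'], array( 'http', 'https' ), true )` would be stricter. The test added in patch 3/3 covers only the rejecting case, so an accepting case with `://` in the query string would pin the intended behaviour.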
@@ -488,13 +488,13 @@ private function is_valid_url( $url ) {
 if ( filter_var( $url, FILTER_VALIDATE_URL ) !== $url || ! str_starts_with( $url, 'http' ) ) {
 return false;
 }
-
+
 // Detect duplicated protocol (e.g., "https://http://example.com/").
 $parsed_url = wp_parse_url( $url );
 if ( isset( $parsed_url['scheme'] ) && str_contains( substr( $url, strlen( $parsed_url['scheme'] ) + 3 ), '://' ) ) {
 return false;
 }
-
+
 return true;
 }

From 0d4e66fa0af19b966a732e4807466cd8fd598e1a Mon Sep 17 00:00:00 2001
From: davidperezgar
Date: Sun, 6 Apr 2025 12:02:28 +0200
Subject: [PATCH 3/3] added test for duplicated protocol

---
 .../load.php | 17 +++++++++++++++++
 .../Checks/Plugin_Header_Fields_Check_Tests.php | 16 ++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 tests/phpunit/testdata/plugins/test-plugin-header-fields-duplicated-protocol-with-errors/load.php

diff --git a/tests/phpunit/testdata/plugins/test-plugin-header-fields-duplicated-protocol-with-errors/load.php b/tests/phpunit/testdata/plugins/test-plugin-header-fields-duplicated-protocol-with-errors/load.php
new file mode 100644
index 000000000..2f68e4f51
--- /dev/null
+++ b/tests/phpunit/testdata/plugins/test-plugin-header-fields-duplicated-protocol-with-errors/load.php
@@ -0,0 +1,17 @@ +assertEmpty( $errors ); } + + public function test_run_with_errors_duplicated_protocol_is_valid_url() { + $check = new Plugin_Header_Fields_Check(); + $check_context = new Check_Context( UNIT_TESTS_PLUGIN_DIR . 'test-plugin-header-fields-duplicated-protocol-with-errors/load.php' ); + $check_result = new Check_Result( $check_context ); + + $check->run( $check_result ); + + $errors = $check_result->get_errors(); + + $filtered_items = wp_list_filter( $errors['load.php'][0][0], array( 'code' => 'plugin_header_invalid_author_uri' ) ); + + $this->assertCount( 1, $filtered_items ); + $this->assertStringContainsString( 'Author URI', $filtered_items[1]['message'] ); + $this->assertStringContainsString( 'is not valid', $filtered_items[1]['message'] ); + } }